// Ripped from https://github.com/Ch0pin/medusa/ and modified to fit Androguard packets

colorLog('[+] LOADING FRAMEWORK/FLUTTER/VERIFY_CERT_CHAIN_BYPASS_V8A.JS',{c: Color.Red});

// Based on nviso's article https://blogger.nviso.eu/2020/05/20/intercepting-flutter-traffic-on-android-x64/

function hook(){
    var m = Process.findModuleByName("libflutter.so"); 

    var pattern = "ff 03 05 d1 fd 7b 0f a9 fa 67 10 a9 f8 5f 11 a9 f6 57 12 a9 f4 4f 13 a9 08 0a 80 52 48 00 00 39 16 54 40 f9";
    Memory.scan(m.base, m.size, pattern, {
        onMatch: function(address, size){
            colorLog('[+] ssl_crypto_x509_session_verify_cert_chain found at: ' + address.toString(),{c: Color.Green});
            colorLog('[+] Setting up hook.... ',{c: Color.Blue});
            Interceptor.attach(address,{

                onEnter: function(args){
                    colorLog('[+] Entering ssl_crypto_x509_session_verify_cert_chain ',{c: Color.Green});

                },
                onLeave: function(retval){
                    colorLog('\t[+] Initial Return Value: '+retval,{c: Color.Blue});
                    colorLog('\t[+] Returning True ',{c: Color.Red});
                    retval.replace(0x1);
                }

            });
        }, 
        onError: function(reason){
            console.log('[!] There was an error scanning memory');
        },
        onComplete: function()
        {
            colorLog('[+] All Done... ',{c: Color.Blue});
        }
    });
}


try {
    colorLog("[+] Finding libflutter.so",{c: Color.Green});
    Module.ensureInitialized("libflutter.so");
    hook();
} catch(err) {
    console.log("libflutter.so module not loaded. Trying to manually load it.")
    Module.load("libflutter.so");
}
